From: deivid <noreply@...>
Date: 2021-12-23T17:36:55+00:00
Subject: [ruby-core:106791] [Ruby master Bug#18424] Is Ruby is vulnerable to log4j?

Issue #18424 has been updated by deivid (David Rodr��guez).


Yes, that's correct. The naming in these test cases is inspired by rearward packages, but these are just dummy packages just for the sake of testing, not the real library code. You can replace `log4j` with `very-secure-library` in those tests and they should still pass.

----------------------------------------
Bug #18424: Is Ruby is vulnerable to log4j?
https://bugs.ruby-lang.org/issues/18424#change-95495

* Author: salamani (Ravi Salamani)
* Status: Rejected
* Priority: Normal
* ruby -v: master
* Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
I observed that the ruby uses zookeeper, dep "slyphon-log4j", "= 1.2.15".
Is Ruby is vulnerable to log4j?



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>